T1567.001
Exfiltration to Code Repository
SUB-TECHNIQUE Exfiltration
Description
Adversaries may exfiltrate data to a code repository rather than over their primary command and control channel. Code repositories are often accessible via an API (e.g., https://api.github.com). Access to these APIs is often over HTTPS, which gives the adversary an additional level of protection. Exfiltration to a code repository can also provide a significant amount of cover to the adversary if it is a popular service already used by hosts within the network.
Platforms
ESXi, Linux, macOS, Windows
Mitigations
- M1021 — Restrict Web-Based Content
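Because HTTPS hides the payload and the service may already be in normal use, a defender is left with connection metadata: which internal hosts talk to a repository API and how much they send. The following is an added example, not part of the ATT&CK entry; the log format, host names, baseline set, byte budget and the two repository hosts other than api.github.com are assumptions made for illustration.

```python
from collections import defaultdict

# Repository API hosts to watch. api.github.com is from the text above;
# the other two are assumed additions for illustration.
REPO_API_HOSTS = {"api.github.com", "gitlab.com", "api.bitbucket.org"}

# Constructed proxy log lines: time, source host, method, dest:port, bytes sent.
# HTTPS hides the payload, so only this metadata is available to the proxy.
SAMPLE_LOG = """\
2024-05-01T09:00:02Z dev-build-01 CONNECT api.github.com:443 184220
2024-05-01T09:05:40Z dev-build-01 CONNECT api.github.com:443 90211
2024-05-01T09:12:11Z ws-fin-07 CONNECT api.github.com:443 20971520
2024-05-01T09:12:59Z ws-fin-07 CONNECT api.github.com:443 41943040
2024-05-01T09:20:00Z ws-hr-03 CONNECT example.org:443 512
2024-05-01T09:31:45Z dev-build-01 CONNECT gitlab.com:443 73400320
malformed line without enough fields
"""

def flag_repo_uploads(log_text, baseline_sources, max_bytes):
    """Return findings for traffic to repository APIs that breaks the baseline.

    baseline_sources: hosts expected to use code repositories (assumed to be
    maintained by the defender). max_bytes: per source/destination upload budget.
    """
    sent = defaultdict(int)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip lines that do not match the constructed format
        _, src, _method, dest, nbytes = parts
        host = dest.rsplit(":", 1)[0].lower()
        if host in REPO_API_HOSTS:
            sent[(src, host)] += int(nbytes)

    findings = []
    for (src, host), total in sorted(sent.items()):
        reasons = []
        if src not in baseline_sources:
            reasons.append("source not in repository baseline")
        if total > max_bytes:
            reasons.append("upload volume over budget")
        if reasons:
            findings.append((src, host, total, reasons))
    return findings

if __name__ == "__main__":
    for f in flag_repo_uploads(SAMPLE_LOG, {"dev-build-01"}, 50 * 1024 * 1024):
        print(f)
```

The allow-list side of this check corresponds to M1021: hosts outside the baseline have no business reason to reach repository APIs and can be blocked at the proxy rather than only alerted on.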
Source: MITRE ATT&CK Enterprise matrix (attack.mitre.org).